should I make just port 80 available for 192.168.0.3? 192.168.0.3 is a win98 machine with IE5 as browser 192.168.0.1 is the linux box with the masq etc and the apache running. when entered on the winbox: http://localhost/index.html nothing happens.... do you know why? piet zentara wrote:

On Tue, 26 Mar 2002 22:09:15 +0100 PR wrote:

...

I want to run a apache server (port 80) at 192.168.0.1 what settings must be altered for susefirewal2 when masq is on for 192.168.0.3

Well you have a choice whether you want to "trust" your internal net or not.

For the masquerading get these: FW_DEV_EXT="ppp0" FW_DEV_INT="eth0" FW_DEV_DMZ="" FW_ROUTE="yes" FW_MASQUERADE="yes" FW_MASQ_DEV="$FW_DEV_EXT" FW_MASQ_NETS="192.168.0.0/24"

To give all your INT net access to all your services:

FW_TRUSTED_NETS="192.168.0.0/24"

If you don't want a Trusted net, you can setup each service individually, but the above will get you going.

Don't forget to set the P to P partner in 192.168.0.3, to masqurade thru 192.168.0.1.

thanks Zentera, that worked. should I run dns for etc/hosts or do I make my self foolish now... furthermore: I have due to my ISP a non-fixed Ip-address still by setting a time switch to 999999 I can keep an address for quite some time. what alterations do I have to make to make the apache approachable from the outside world? piet zentara wrote:

On Wed, 27 Mar 2002 09:58:48 +0100 PR wrote:

...

should I make just port 80 available for 192.168.0.3? 192.168.0.3 is a win98 machine with IE5 as browser 192.168.0.1 is the linux box with the masq etc and the apache running. when entered on the winbox: http://localhost/index.html nothing happens.... do you know why? piet

You need to enter on the winbox http://192.168.0.1 or you might be able to enter your name as listed in /etc/hosts

If the name in /etc/hosts dosn't work; make sure your server address is setup in /etc/httpd/httpd.conf to use that name. It is easier to use the 192.168.0.1

As far as restricting access to port 80 for your internal net, it is better than "trusted nets"; especially if connecting with windows. :-) You can't trust a windows machine.

FW_PROTECT_FROM_INTERNAL="yes FW_SERVICES_INT_TCP="80" FW_TRUSTED_NETS=""

mii-tools. Older hardware may not support it. HTH, Jeffrey Quoting Tobias Braun :

Hi,

does anyone know how to switch the 8136too module to 10Mbit/s. I have Suse 7.2 kernel 2.4.

Thanks in advance

Tobias

On Wed, 27 Mar 2002 12:49:35 +0100 PR wrote:

thanks Zentera, that worked. should I run dns for etc/hosts or do I make my self foolish now...

/etc/hosts is used as a "local dns" while your system boots, if no dns server is going, or if you don't have one. It's mostly used just to identify hosts on your local net. You could move up to your own dns server if you want, but that is a big step.

furthermore: I have due to my ISP a non-fixed Ip-address still by setting a time switch to 999999 I can keep an address for quite some time. what alterations do I have to make to make the apache approachable from the outside world? piet

Well you could try to set your servername in /etc/httpd/httpd.conf to the ip-address you have at the time. Then you would need to change the firewall config to add FW_SERVICES_EXT_TCP="80" Then people from the internet should be able to reach your machine's webserver, if they enter the ip number; like http://208.123.456 (or whatever number you have at the time). I don't see how you could use a dns name, but the raw number should find it's way to your machine. You probably could make a script to do the editing of the httpd.conf and restarting apache automatically I'm not sure if your ISP can block port 80 traffic coming in, but that might be a problem. Most ISP's don't like you operating servers from a dialup account. Are you on cable or asdl? -- $|=1;while(1){print pack("h*",'75861647f302d4560275f6272797f3');sleep(1); for(1..16){for(8,32,8,7){print chr($_);}select(undef,undef,undef,.05);}}